Ubuntu Security Notice USN-6531-1

Ubuntu Security Notice 6531-1 - Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. SeungHyun Lee discovered that Redis incorrectly handled specially crafted commands. An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash.

Red Hat Security Advisory 2023-7653-03

Red Hat Security Advisory 2023-7653-03 - An update to the images for Red Hat Integration - Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2023-7656-03

Red Hat Security Advisory 2023-7656-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-7662-03

Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7663-03

Red Hat Security Advisory 2023-7663-03 - Red Hat OpenShift distributed tracing 3.0.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7604-03

Red Hat Security Advisory 2023-7604-03 - Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-7606-03

Red Hat Security Advisory 2023-7606-03 - Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2023-7602-03

Red Hat Security Advisory 2023-7602-03 - Red Hat OpenShift Container Platform release 4.13.25 is now available with updates to packages and images that fix several bugs.

Ubuntu Security Notice USN-6529-1

Ubuntu Security Notice 6529-1 - It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

WordPress MW WP Form 5.0.1 Arbitrary File Upload

WordPress MW WP Form plugin versions 5.0.1 and below suffer from an arbitrary file upload vulnerability.

Red Hat Security Advisory 2023-7638-03

Red Hat Security Advisory 2023-7638-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7639-03

Red Hat Security Advisory 2023-7639-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7641-03

Red Hat Security Advisory 2023-7641-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7599-03

Red Hat Security Advisory 2023-7599-03 - Red Hat OpenShift Container Platform release 4.14.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7637-03

Red Hat Security Advisory 2023-7637-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5572-1

Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.

Ubuntu Security Notice USN-6509-2

Ubuntu Security Notice 6509-2 - USN-6509-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox did not properly manage memory when images were created on the canvas element. An attacker could potentially exploit this issue to obtain sensitive information. It discovered that Firefox incorrectly handled certain memory when using a MessagePort. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage ownership in ReadableByteStreams. An attacker could potentially exploit this issue to cause a denial of service. It discovered that Firefox incorrectly did not properly manage copy operations when using Selection API in X11. An attacker could potentially exploit this issue to obtain sensitive information. Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative URLS starting with "///". An attacker could potentially exploit this issue to cause a denial of service.

Debian Security Advisory 5571-1

Debian Linux Security Advisory 5571-1 - It was discovered that missing input sanitising in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.

Red Hat Security Advisory 2023-7633-01

Red Hat Security Advisory 2023-7633-01 - An update for rh-mariadb105-galera and rh-mariadb105-mariadb is now available for Red Hat Software Collections. Issues addressed include a null pointer vulnerability.

Debian Security Advisory 5570-1

Debian Linux Security Advisory 5570-1 - It was discovered that libnghttp2, a library implementing the HTTP/2 protocol, handled request cancellation incorrectly. This could result in denial of service.

Debian Security Advisory 5569-1

Debian Linux Security Advisory 5569-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6494-2

Ubuntu Security Notice 6494-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service or possibly expose sensitive information.

Ubuntu Security Notice USN-6495-2

Ubuntu Security Notice 6495-2 - Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service. Manfred Rudigier discovered that the Intel PCI-Express Gigabit Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6496-2

Ubuntu Security Notice 6496-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6502-4

Ubuntu Security Notice 6502-4 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.

Red Hat Security Advisory 2023-7616-01

Red Hat Security Advisory 2023-7616-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-7617-02

Red Hat Security Advisory 2023-7617-02 - Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available.

Red Hat Security Advisory 2023-7341-01

Red Hat Security Advisory 2023-7341-01 - An update is now available for Red Hat Quay 3.

Ubuntu Security Notice USN-6526-1

Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6528-1

Ubuntu Security Notice 6528-1 - It was discovered that the HotSpot VM implementation in OpenJDK did not properly validate bytecode blocks in certain situations. An attacker could possibly use this to cause a denial of service. Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions.

Ubuntu Security Notice USN-6527-1

Ubuntu Security Notice 6527-1 - Carter Kozak discovered that OpenJDK, when compiling with AVX-512 instruction support enabled, could produce code that resulted in memory corruption in certain situations. An attacker targeting applications built in this way could possibly use this to cause a denial of service or execute arbitrary code. In Ubuntu, OpenJDK defaults to not using AVX-512 instructions. It was discovered that OpenJDK did not properly perform PKIX certification path validation in certain situations. An attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6519-2

Ubuntu Security Notice 6519-2 - USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended.

Ubuntu Security Notice USN-6525-1

Ubuntu Security Notice 6525-1 - Nicky Mouha discovered that pysha incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause pysha3 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6521-1

Ubuntu Security Notice 6521-1 - It was discovered that GIMP incorrectly handled certain image files. If a user were tricked into opening a specially crafted image, an attacker could use this issue to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6522-1

Ubuntu Security Notice 6522-1 - It was discovered that FreeRDP incorrectly handled drive redirection. If a user were tricked into connection to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly obtain sensitive information. It was discovered that FreeRDP incorrectly handled certain surface updates. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6524-1

Ubuntu Security Notice 6524-1 - Nicky Mouha discovered that PyPy incorrectly handled certain SHA-3 operations. An attacker could possibly use this issue to cause PyPy to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6523-1

Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.

Red Hat Security Advisory 2023-7580-01

Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-7578-01

Red Hat Security Advisory 2023-7578-01 - An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7581-01

Red Hat Security Advisory 2023-7581-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-7587-01

Red Hat Security Advisory 2023-7587-01 - An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7579-01

Red Hat Security Advisory 2023-7579-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

Red Hat Security Advisory 2023-7577-01

Red Hat Security Advisory 2023-7577-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7576-01

Red Hat Security Advisory 2023-7576-01 - An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7574-01

Red Hat Security Advisory 2023-7574-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7573-01

Red Hat Security Advisory 2023-7573-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7473-01

Red Hat Security Advisory 2023-7473-01 - Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7569-01

Red Hat Security Advisory 2023-7569-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7570-01

Red Hat Security Advisory 2023-7570-01 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7470-01

Red Hat Security Advisory 2023-7470-01 - Red Hat OpenShift Container Platform release 4.14.4 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7557-01

Red Hat Security Advisory 2023-7557-01 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include information leakage and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-7558-01

Red Hat Security Advisory 2023-7558-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7559-01

Red Hat Security Advisory 2023-7559-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7555-01

Red Hat Security Advisory 2023-7555-01 - OpenShift API for Data Protection 1.3.0 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7551-01

Red Hat Security Advisory 2023-7551-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include information leakage and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-7554-01

Red Hat Security Advisory 2023-7554-01 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7547-01

Red Hat Security Advisory 2023-7547-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7548-01

Red Hat Security Advisory 2023-7548-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7549-01

Red Hat Security Advisory 2023-7549-01 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-7545-01

Red Hat Security Advisory 2023-7545-01 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.